Hi guys, having the same issue with adding this line, it won't accept dst address: /ip ipsec policy add src-address=10.0.35.0/24:any dst-address=10.0.10.0/24:any sa-src-address=10.0.56.30 sa-dst-address=10.0.56.29 tunnel=yes action=encrypt proposal=default invalid value for argument dst-address: val...
Trying to find by incomplete comment ROS 5.15: ip dhcp-server lease print where comment="customer" but full comment is "customer 0001 blablabla","customer 0002 blablabla", when using the command above, it shows nothing. But when comments only such as "0001","00...
Yes few times was shown to me, firewall eats (and every time profile sends me to a MikroTik support, because can't display something from profile), but if I have 100 MHz in settings, I think a fly will eat it too. With my configuration or (not configured), throughput is not above 20 Mbps, and local ...
Mine is too 5.14, but something wrong with it.
Take a supout.rif and send it to MT support@mikrotik.com
Maybe they fix this faster... my customer becomes a little MAD (((
Look at cstrutt's comment, it really works! c:\Program Files (x86)\Dude\dude.exe), right mouse select Properties click on the Compatibility tab then check the "Run this program as an administrator" Kill service, start again and voilà :) Thanks to cstrutt's comment, the second day star...
from your side, because you have different imagination of task that I can understand
I'll try to harder my configuration... Anyway thank you for attention !
Hel, as I understand ... or you can qos packets in global-in (global-in for upload and download) and limit users bandwidth in global-out (global-out for download and upload), just make sure you mangle packets accordingly. I need for services prerouting mangle rules with src=>dst=download and dst=>sr...
It means, that I need to catch download traffic only from local interfaces (eth1,eth2,eth3,vl2,vl4,vl8), and upload from wan interfaces (wan1,bgp1,bgp2)???
Here is my config, no nat QOS priority for services is working fine in both ways. Shaper Users download is working too, Shaper Users upload does nothing, takes all bandwidth. ::services:: /queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \ max-limit=0 name=ensign_se...
Can please anyone help to understand how to catch traffic on Mangle marked customers (forward) between global in (prerouting) and global out (postrouting) marked services ... ???
So great discussion you have.. but seriously, did somebody find out how?? And where to set up correctly? I only find that if I am marking postrouting to global out, my interface queues for customers are empty. /queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \ max-limit=0 n...
Thank you for the answer, just turned off default forward, and put my MAC (printer MAC) to an access list forward = yes, auth = no. So it will be great if it works Can't test it at the moment
Good day! I increased MTU size on RouterOS till 9216 on ethernet which belongs to 400 VLAN 1500 MTU, because on other side it connected to a programmable Switch where programmed Giga Ethernet 9216 MTU, and VLAN 400 - 1500 MTU.. Seems to ERROR drops not happened anymore, but ROS eating a little bit mo...
I tried to move 400 vlan on a different interface ~ 4eth,- seems to rx errors coming from it, but all the options are the same on both 500 and 400 VLAN's... How can I catch those packets ??
Please help me to analyse what happens with packets that are received with errors. How and where I can collect them to analyse??? And also want to see what happens with dropped ones.. Tried to use internal logging, but there is nothing about error and drop.. Packet errors happens when it wish, so I...
http://wiki.mikrotik.com/wiki/File:IP_final.png So to mark INCOMING traffic I need to use PREROUTING mangle and the GLOBAL-IN queues to mark OUTGOING traffic I need to use POSTROUTING mangle and the GLOBAL-OUT queues ? Am I right ?? But if I had 1 BGP and 2 BGP peer, where to catch INC and OUT traf...
Is there a difference where to catch MARK traffic ??? (prerouting, postrouting, forward) ??? As I saw not all traffic goes on a prerouting chain.. where to effective catch it ??
Can anybody find how to prioritise the uTorrent traffic ?!??? I'm using example by Janis Megis (http://wiki.mikrotik.com/images/8/8d/QoS_Megis_%28Russian_translate_by_white_crow_rev.2%29.pdf), BUT 'Other' type of packets is MORE than known in mangle: /ip firewall mangle add action=mark-packet chain=...
Try to use Mark rules by time to a specific marks, then pick them in queue tree. /ip firewall mangle add action=mark-connection chain=forward comment=all_traffic disabled=no \ new-connection-mark=traffic_conn passthrough=yes src-address-list=ppoe add action=mark-packet chain=forward connection-mark=...
Good day, Help me please to discover the problem, is that comes because I using simple queues ?? As I understand Rx Drops happens when the: Queue rate is reached its MAXimum possibility to transfer packets. Or it is simply the NIC's limitation ??? Can't imagine, CPU 4 cores isn't p...
Thanks will try,
But as I understand it affects to all users in networks ?
Or I can do this only for those IP's which I mark example PC1 = pcq download/upload, PC2 = pcq down/upl?
I need some advice, in how to realize this scheme. All traffic is aprox 300 Mb/ps, need a rule, in which I can put some IP addresses, to reserve them about 2 mb/ps, so they always has 2 mb/ps; but if traffic is healthy, they use more than 2 mb/ps but not less than 2 mb/ps. What kind of features used...
I found the way ! Thanks to this article http://www.mikrotik.com/testdocs/ros/3.0/pnp/proxy.php chain=dstnat action=redirect to-ports=8080 protocol=tcp src-address-list=gues_who dst-address-list=!local-addr in-interface=!Public dst-port=80 I created rule that collects all of these non known IP's, ;;...
I think I need this rule, because Utorr uses src port 80 = to dst (UPORT)
chain=dstnat action=redirect to-ports=8080 protocol=tcp
src-address-list=!known_users in-interface=!Public src-port=!80
dst-port=80 connection-mark=http
Now chain contains : I will check it ! chain=dstnat action=redirect to-ports=8080 protocol=tcp src-address-list=!known_users in-interface=!public dst-port=80 connection-mark=http But I think I need to restrict forward rules, I don't need to traffic comes from outside Public. In access log on webserv...
Hmm, so I need to pass them through, add to list "specified" for looking homepage, and do 1-2-3-steps ? I'm sorry for the stupid questions, a little can't understand the policy (as I think it is inverted than in linux iptables )
It is so logic ! Thank you for help ! Also I have a 3 DHCP subnets on LAN1 LAN2 LAN3, working with arp reply only, how can I redirect all other users, who have a problems, or not have a static entry - to my web page local? 1. I need to create 3-rd address list which contains all excepted addresses 2. ...
Yes, you are right, all local services are permitted to time_restricted users. I already have a rules : add action=accept chain=forward comment="Allow traffic between clients" \ disabled=no in-interface=LAN1 out-interface=LAN1 add action=accept chain=forward comment="Allow traffic between...
Web page and FTP is internal address space. So as I understand, to filter traffic only for users in address list I need to do : /ip firewall address-list add address=10.10.10.x list=time_restricted - Users whom need to be restricted /ip firewall address-list add address=10.10.10.x1 list=local-addr - ...
Can you advise please in how-to realize the time restriction on MTA. I have an NTP time server and Client, address list, predefined rule in firewall (which allows only internal ftp and homepage connection). I need to enable at 18:00 and disable at 08:00 this rule in scheduler, to restrict access outs...